Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1eaf3556-9e06-495a-a719-8b5c7fdaa189.roa
File:                     1eaf3556-9e06-495a-a719-8b5c7fdaa189.roa (raw, json)
Hash identifier:          aO3D0NmquPMAzLuigFI3AcooT7pVJ3vZP9fyRgIL2HY=
Subject key identifier:   2A:7B:A4:FC:9D:CA:10:E8:CF:98:AC:31:F5:25:B9:98:19:7E:31:58
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       6A8858FF09501D06BE5B3454A3AB161AE3D3F99F
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1eaf3556-9e06-495a-a719-8b5c7fdaa189.roa
Signing time:             Tue 13 Dec 2022 00:00:00 +0000
ROA not before:           Tue 13 Dec 2022 00:00:00 +0000
ROA not after:            Fri 16 Dec 2022 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:88:58:ff:09:50:1d:06:be:5b:34:54:a3:ab:16:1a:e3:d3:f9:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Dec 13 00:00:00 2022 GMT
            Not After : Dec 16 23:59:59 2022 GMT
        Subject: serialNumber=100b2d79742fec61205155bda6b310dd7fa1be51a2ff5f248e67a6d3fdf10b55, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:76:72:15:f3:6a:44:ee:22:52:97:92:a0:3f:
                    47:1b:c1:06:1c:12:d1:d8:e2:2f:f9:be:da:a1:25:
                    29:7f:a1:2e:d8:b0:4b:bd:c4:ba:0d:89:ca:ab:e3:
                    c5:ae:ae:6e:82:18:44:61:13:9d:bc:c4:ca:51:57:
                    60:86:6c:72:f5:b9:6d:49:24:97:b6:35:5b:10:b2:
                    17:54:d5:7d:56:7d:3d:34:bf:8a:1e:3d:09:6e:1e:
                    73:83:03:ac:c7:c0:02:16:7f:66:cc:56:28:6e:90:
                    dc:4d:fd:54:35:db:29:9a:89:2c:05:5b:36:57:93:
                    6c:41:e4:f0:bf:b0:5a:db:17:29:f9:02:28:5e:bf:
                    2d:fa:97:44:26:3a:f7:ac:3c:23:a8:b0:0c:53:fb:
                    af:31:af:f6:8c:26:d8:bb:2a:2f:f8:cc:83:71:88:
                    41:01:e3:84:e4:bf:f8:9b:d4:bd:2f:07:2f:b6:7c:
                    da:1d:28:05:cd:1c:54:7d:bc:f2:41:5c:1c:26:ad:
                    78:f5:63:1c:fe:da:bc:24:14:7c:c8:6e:1e:87:65:
                    9e:06:7f:97:fc:58:d1:ff:51:ee:32:b2:06:e3:ed:
                    19:2c:d8:55:97:e1:00:87:07:3e:d7:ad:4f:48:38:
                    68:91:42:0c:b8:f9:80:24:ac:4c:be:db:f1:8a:13:
                    52:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:7B:A4:FC:9D:CA:10:E8:CF:98:AC:31:F5:25:B9:98:19:7E:31:58
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/1eaf3556-9e06-495a-a719-8b5c7fdaa189.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:91:ad:4e:46:c8:40:48:f0:3c:a8:de:a6:1f:eb:5d:00:19:
         a0:82:e6:1b:ed:26:67:e9:ba:dd:fe:ae:3a:4f:a5:39:4d:33:
         95:da:8b:e1:64:be:0b:b6:e5:84:c7:cd:a7:56:7a:d5:b1:9a:
         d5:a3:3e:13:3f:d2:0e:20:7c:72:b4:2b:f7:64:2d:26:17:bd:
         bf:1f:5e:34:ff:8a:97:97:ec:f3:32:01:43:9f:d1:11:51:43:
         6c:24:0b:2a:4d:ae:ea:b3:bd:5c:4d:d8:40:89:6a:1c:5d:86:
         82:b1:01:51:90:5e:51:95:38:c4:8b:8f:da:07:b5:97:2e:9c:
         8d:24:71:66:ac:1b:06:01:02:d1:8f:07:32:84:19:bf:38:9f:
         74:44:2f:c6:a1:dc:0b:d2:a1:3e:85:02:39:e0:6b:0f:6a:dc:
         90:c5:72:ba:74:a2:e9:a6:35:ea:a9:14:79:46:59:9b:09:b8:
         d8:a0:ad:42:50:7e:be:3e:b5:b0:aa:7a:f1:a2:70:55:f2:47:
         d4:bc:15:bd:1a:e5:e1:7a:47:6b:06:8a:75:e6:42:6f:52:d9:
         97:a3:aa:5d:fb:b0:1a:c3:97:9f:83:17:d0:e5:72:cd:6f:6d:
         72:74:6e:08:ee:4b:65:9b:d7:42:76:74:80:a9:5e:e0:de:aa:
         f3:f9:b4:a3
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUaohY/wlQHQa+WzRUo6sWGuPT+Z8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjIxMjEzMDAwMDAwWhcNMjIxMjE2MjM1OTU5
WjCBpTFJMEcGA1UEBRNAMTAwYjJkNzk3NDJmZWM2MTIwNTE1NWJkYTZiMzEwZGQ3
ZmExYmU1MWEyZmY1ZjI0OGU2N2E2ZDNmZGYxMGI1NTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJt2chXzakTuIlKXkqA/RxvBBhwS0djiL/m+2qElKX+hLtiwS73E
ug2Jyqvjxa6uboIYRGETnbzEylFXYIZscvW5bUkkl7Y1WxCyF1TVfVZ9PTS/ih49
CW4ec4MDrMfAAhZ/ZsxWKG6Q3E39VDXbKZqJLAVbNleTbEHk8L+wWtsXKfkCKF6/
LfqXRCY696w8I6iwDFP7rzGv9owm2LsqL/jMg3GIQQHjhOS/+JvUvS8HL7Z82h0o
Bc0cVH288kFcHCatePVjHP7avCQUfMhuHodlngZ/l/xY0f9R7jKyBuPtGSzYVZfh
AIcHPtetT0g4aJFCDLj5gCSsTL7b8YoTUnUCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBQqe6T8ncoQ6M+YrDH1JbmYGX4xWDAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMWVhZjM1NTYtOWUwNi00OTVhLWE3MTktOGI1YzdmZGFhMTg5LnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIiRrU5GyEBI8Dyo
3qYf610AGaCC5hvtJmfput3+rjpPpTlNM5Xai+Fkvgu25YTHzadWetWxmtWjPhM/
0g4gfHK0K/dkLSYXvb8fXjT/ipeX7PMyAUOf0RFRQ2wkCypNruqzvVxN2ECJahxd
hoKxAVGQXlGVOMSLj9oHtZcunI0kcWasGwYBAtGPBzKEGb84n3REL8ah3AvSoT6F
Ajngaw9q3JDFcrp0oummNeqpFHlGWZsJuNigrUJQfr4+tbCqevGicFXyR9S8Fb0a
5eF6R2sGinXmQm9S2Zejql37sBrDl5+DF9Dlcs1vbXJ0bgjuS2Wb10J2dICpXuDe
qvP5tKM=
-----END CERTIFICATE-----